Aggregator

朝鲜Konni APT组织针对韩国金融行业定向钓鱼攻击

PowerHuntShares PowerHuntShares is designed to automatically inventory, analyze, and report excessive privilege assigned to SMB shares on Active Directory domain joined computers. It is intended to help IAM and other blue teams gain a...

The post PowerHuntShares: inventory, analyze, and report excessive privileges configured on Active Directory domains appeared first on Penetration Testing Tools.

A vulnerability was found in Apple iOS and iPadOS up to 15.3.1. It has been classified as critical. Affected is an unknown function of the component WebKit. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2022-22610. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple watchOS up to 8.4.2 and classified as critical. Affected by this issue is some unknown functionality of the component WebKit. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2022-22610. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Apple tvOS up to 15.3. Affected by this vulnerability is an unknown functionality of the component WebKit. The manipulation leads to memory corruption. This vulnerability is known as CVE-2022-22610. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple macOS and classified as critical. This issue affects some unknown processing of the component WebKit. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2022-22610. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Apple Safari up to 15.3. Affected by this issue is some unknown functionality of the component WebKit. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2022-22610. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in AjaXplorer 4.2.3. Affected by this vulnerability is an unknown functionality of the component SVG File Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2022-40358. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Nero ShowTime 5.0.15.0 and classified as very critical. This issue affects some unknown processing. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2008-7079. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in Moodle. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2010-1616. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Moodle. Affected by this issue is some unknown functionality. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2010-1617. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Moodle. This affects an unknown part of the component Error Message Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2010-1618. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Moodle and classified as problematic. This vulnerability affects the function fix_non_standard_entities in the library weblib.php. The manipulation leads to cross site scripting. This vulnerability was named CVE-2010-1619. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

BSI Cites New Technologies, Geopolitical Tensions as Key Risk Factors
Mounting decentralization and digitization put electricity grids at risk of hacking that could cause power outages, the German cybersecurity agency warned Wednesday. Technologies such as internet-connected solar power inverters and a tense geopolitical situation sparks increased concern.

Deal Aims to Target Identity and AI Risks, SaaS Blind Spots With Unified Security
By acquiring Suridata, Fortinet plans to introduce SaaS Security Posture Management to its SASE platform. The update provides end-to-end visibility into SaaS apps, identity threats and AI plugin misuse, making SSPM a vital control plane in cloud-first security strategies.

Also: Signal Blocks Recall, Europe Sanctions Stark Industries
This week, Qakbot leader indicted, Signal blocked Recall and a judge said Trump illegally removed watchdogs. Ivanti and Palo Alto hacks linked, Stark Industries sanctioned, Marks and Spencer's hack costs 300M pounds. Pro-Ukraine hackers hit a Russian clinic and an outbreak of PureRAT in Russia.

Hacker Demanded $20M Ransom to Delete Stolen Personal, Financial Information
A months-long data breach led to the theft of personal and financial information of nearly 70,000 Coinbase customers. Coinbase said the breach dates back to December and was aided by bribery schemes targeting the company's overseas customer support agents.